Data breaches are inevitable. No matter how secure your organization is, at some point it may face one. With the rapid growth of global data, the biggest data breaches were recorded in 2005. Millions of records have been made public because of lapses in security measures, including SSNs, passwords, credit card details, bank details, personal information, and military information. There are numerous reasons why such breaches occur; among them are social engineering, physical attacks, misuse of privileged access, weak and stolen passwords, and malware. The longer a breach remains unnoticed, the more damage it causes.
Reason No 1: Physical Theft of a Data-Carrying Device
Most organizations store their data on physical devices such as laptops, servers, smartphones, hard drives, CDs and DVDs. These devices can hold sensitive information. The severity of a data breach from a stolen device depends largely on the nature of the information stored on it. If the stolen device has not been wiped, the resulting breach can be more severe. Device theft is difficult to identify because thieves are opportunistic in nature, which makes them unpredictable (Fang, Liu 2020).
Solution: Stolen laptops were the main reason for data breaches in 2008. A good encryption policy should be enforced in the workplace. Employees' devices should use encryption keys, and the removal of data-storage devices from the workplace should be limited.
Reason No 2: Old unpatched applications
Common Vulnerabilities and Exposures (CVE) entries are the yardstick for gauging exposure to exploitation, and they can serve as a reference in the future. Any application with even a minor vulnerability can be exploited by hackers. Vendors release application updates that contain a patch to fix the bug or vulnerability. According to Verizon (2015), most exploited bugs were compromised after the CVE report was published. Old, unpatched, vulnerable applications give hackers free access to any sensitive information (Adrian, Harrington 2015).
Solution: Vulnerability assessments should be performed regularly in an organization. Update applications whenever new patches are released; keeping applications up to date ensures that the bugs known so far are fixed. Vulnerability checks can be run against an organization's network both internally and externally. These security checks need to be performed every week rather than once a quarter.
Reason No 3: Malware
According to several studies, five malware attacks occur every 5 seconds. Malware is malicious software that can be installed on the target computer through the bugs and unpatched applications mentioned above. Malware events look simple but cause severe damage to information security. New malware is rarely created from scratch; instead, hackers make slight modifications to existing malicious software, which makes it untraceable for antivirus products. Malware can be a key logger that tracks your typing and sensitive details, or it can be ransomware. In 2005, malware alone caused 34% of security breaches (Robert, Holtfreter 2015).
Solution: Systems that can be accessed over the internet, such as web servers, Active Directory and internal servers, need intrusion detection. Users need to be educated about social engineering and should be wary of junk mail containing attachments. Website cookies can expose other session information, so users need to stop permitting dodgy websites.
Additionally, in 2020 we saw Zoombombing during the COVID era. Zoombombing occurs when an uninvited person joins a meeting, which has raised security issues. Zoombombers often hurl racial slurs or profanity. Sometimes it goes far beyond offensive imagery and pornography.
Security Threats:
The intrusion of Zoombombers raised questions about "Zoom phishing". Work-from-home employees fall victim to this issue. Malicious links come from attackers disguised as the HR department, inviting victims to join a meeting in a minute to discuss possible termination of employment. When a victim clicks the link, it takes them to a Zoom look-alike page. The page is fake, but if the victim enters their credentials, their Zoom account is compromised (Marshal, Gunnel 2020).
A security specialist has spotted malware-laden Zoom applications. These applications were either modified or bundled with other malicious applications. Such embedded Zoom applications can run as spyware: they can even turn off the user's webcam and act as key loggers. Often the malware installs a bogus version of Zoom that collects data about the operating system it is running on. The malicious Zoom can run alongside the legitimate version, so users normally do not suspect it. By then, however, their system has already been compromised (Rae, Hodge 2020).
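The look-alike link described above can be caught before the click by comparing each link's host with the genuine Zoom domains. The sketch below is an added example, not part of the original article; the trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this organization accepts as genuine Zoom domains.
TRUSTED = ("zoom.us", "zoom.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Digit-for-letter swaps often used in look-alike names (z00m -> zoom).
DIGIT_SWAPS = str.maketrans("01", "ol")

def classify_link(url):
    """Return 'trusted', 'lookalike' or 'other' for one URL."""
    try:
        parts = urlsplit(url)
        # .hostname ignores any "user@" prefix, so zoom.us@host resolves to host.
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "other"
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Brand name anywhere in the authority of a non-Zoom host, e.g.
    # zoom.us.example.test, zoom.us@example.test, z00m-us.example.test.
    if "zoom" in parts.netloc.lower().translate(DIGIT_SWAPS):
        return "lookalike"
    return "other"

def scan_message(body):
    """Map every link found in an e-mail body to its classification."""
    links = (u.rstrip(".,;)") for u in URL_RE.findall(body))
    return {u: classify_link(u) for u in links}

# Constructed sample message (not taken from a real campaign).
SAMPLE = """From: HR Department
Please join the meeting in one minute: https://zoom.us.hr-review.example.test/j/123
Calendar copy: https://us02web.zoom.us/j/123456789
Policy: https://intranet.example.test/hr/policy
Mirror: https://zoom.us@meet.example.test/login and http://z00m-us.example.test/signin
"""

if __name__ == "__main__":
    for link, verdict in scan_message(SAMPLE).items():
        print(f"{verdict:10} {link}")
```

A mail gateway or reporting add-in could quarantine any message whose links classify as `lookalike`; the check does not cover homoglyph (punycode) hosts.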
Solutions:
End-to-end encryption needs to be put in place to provide a secure message and file-sharing service. Meeting mode should be made available to private users rather than to the public. New security patches should eliminate previous bugs to increase privacy protection. Cloud recording passwords should be improved by having wider control over the regional servers. For meetings, join through the Zoom website rather than the Zoom application. The website version has more security enhancements. As the web version sits in a sandbox, it doesn't allow other harmful apps to be installed.